// For more information on configuring authentication, please visit http://go.microsoft.com/fwlink/?LinkId=301864
/// <summary>
/// Builds the OWIN authentication pipeline for the application: per-request Identity
/// services, the main sign-in cookie, the external-login and two-factor helper cookies,
/// and the Microsoft Online (Outlook REST) and Azure AD OAuth2 providers.
/// OWIN middleware runs in registration order, so the order below is deliberate.
/// </summary>
/// <param name="app">The OWIN application builder that receives the middleware.</param>
public void ConfigureAuth(IAppBuilder app)
{
    // One DbContext / UserManager / SignInManager instance per request.
    app.CreatePerOwinContext(ApplicationDbContext.Create);
    app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);
    app.CreatePerOwinContext<ApplicationSignInManager>(ApplicationSignInManager.Create);

    // Primary sign-in cookie. The security-stamp validator re-checks the cookie against the
    // user store every 30 minutes, so a password change or a newly added external login
    // invalidates older cookies within that window.
    // NOTE(review): CookieSecure and ExpireTimeSpan are left at the middleware defaults here;
    // for a deployment served only over HTTPS, CookieSecureOption.Always and an explicit
    // lifetime are the safer choice — confirm against the hosting setup before changing.
    var stampValidator = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
        validateInterval: TimeSpan.FromMinutes(30),
        regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager));

    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
        LoginPath = new PathString("/Account/Login"),
        Provider = new CookieAuthenticationProvider
        {
            OnValidateIdentity = stampValidator
        }
    });

    // Temporary cookie holding the identity returned by a third-party login provider
    // until the external login is linked to a local account.
    app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);

    // Holds the partially signed-in user while the second factor is being verified;
    // deliberately short-lived (5 minutes).
    app.UseTwoFactorSignInCookie(DefaultAuthenticationTypes.TwoFactorCookie, TimeSpan.FromMinutes(5));

    // "Remember this browser" for the second factor: once set, the device that completed
    // 2FA is not asked for the second factor again (comparable to RememberMe for the login).
    app.UseTwoFactorRememberBrowserCookie(DefaultAuthenticationTypes.TwoFactorRememberBrowserCookie);

    // Uncomment the following lines to enable logging in with third party login providers
    //app.UseMicrosoftAccountAuthentication(
    //    clientId: "",
    //    clientSecret: "");
    //app.UseTwitterAuthentication(
    //    consumerKey: "",
    //    consumerSecret: "");
    //app.UseFacebookAuthentication(
    //    appId: "",
    //    appSecret: "");
    //app.UseGoogleAuthentication(new GoogleOAuth2AuthenticationOptions()
    //{
    //    ClientId = "",
    //    ClientSecret = ""
    //});

    // Microsoft Online (Outlook REST API) OAuth2 provider.
    // NOTE(review): ClientId/ClientSecret are empty placeholders. Real values belong in protected
    // configuration (app settings / a secret store), never in source control.
    // NOTE(review): "offline_access" requests a refresh token on top of read/write access to mail,
    // calendars and contacts — a broad and long-lived grant. Request only the scopes the app uses.
    var outlookScopes = new[]
    {
        "https://outlook.office.com/Mail.ReadWrite",
        "https://outlook.office.com/Calendars.ReadWrite",
        "https://outlook.office.com/Contacts.ReadWrite",
        "offline_access",
        "openid",
    };
    var outlookOptions = new MicrosoftOnlineAuthenticationOptions
    {
        ClientId = "",
        ClientSecret = "",
        Provider = new MicrosoftOnlineAuthenticationProvider()
    };
    foreach (var scope in outlookScopes)
    {
        outlookOptions.Scope.Add(scope);
    }
    app.UseMicrosoftOnlineAuthentication(outlookOptions);

    // Azure AD provider asking for the Azure AD Graph resource.
    // If an Office 365 subscription is attached to the tenant, the resource
    // "https://outlook.office365.com/" grants access to the Office 365 REST APIs instead.
    // NOTE(review): same placeholder-credential caveat as above.
    var aadOptions = new AzureADAuthenticationOptions
    {
        ClientId = "",
        ClientSecret = "",
        Provider = new AzureADAuthenticationProvider(),
        Resource = { "https://graph.windows.net/" }
    };
    app.UseAzureADAuthentication(aadOptions);
}
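/// <summary>
/// Wires Azure AD sign-in for a Stardust service: a short-lived, secure-only external
/// cookie, passive OpenID Connect (authorization-code flow, with the code redeemed through
/// ADAL), and the AzureAD provider that copies the access/refresh tokens into the identity.
/// </summary>
/// <param name="app">OWIN application builder the middleware is registered on.</param>
/// <param name="handler">Currently unused; kept for signature compatibility.</param>
/// <param name="tokenEncryptionKey">Currently unused; kept for signature compatibility.
/// NOTE(review): despite the name, nothing here encrypts the tokens with this key — the
/// tokens written into the cookie rely solely on the cookie middleware's data protector.</param>
/// <returns>The same <paramref name="app"/> instance, for chaining.</returns>
public static IAppBuilder UseStardustAzureAd(this IAppBuilder app, Func<Microsoft.Owin.IOwinContext, Task> handler = null, string tokenEncryptionKey = null)
{
    app.SetDefaultSignInAsAuthenticationType(DefaultAuthenticationTypes.ExternalCookie);

    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        AuthenticationType = DefaultAuthenticationTypes.ExternalCookie,
        AuthenticationMode = AuthenticationMode.Active,
        CookieName = ".sd.ec",
        ExpireTimeSpan = TimeSpan.FromMinutes(5),
        CookieManager = new SystemWebCookieManager(),
        SlidingExpiration = true,
        // Never emitted over plain HTTP.
        CookieSecure = CookieSecureOption.Always,
        Provider = new CookieAuthenticationProvider
        {
            // Re-issues the incoming identity as-is: there is no security-stamp or
            // revocation check on this cookie, only the 5-minute sliding expiry above.
            OnValidateIdentity = context =>
            {
                context.ReplaceIdentity(context.Identity);
                return Task.FromResult(0);
            },
            OnResponseSignIn = context => { Logging.DebugMessage(context.AuthenticationType); }
        },
        LoginPath = PathString.FromUriComponent("/auth/login"),
        LogoutPath = PathString.FromUriComponent("/auth/logout"),
    });

    var identitySettings = RuntimeFactory.Current.Context.GetServiceConfiguration().IdentitySettings;

    // Normalise the issuer to an https:// URL once and use that same value both for the
    // OIDC middleware's Authority and for ADAL. Previously only Authority got the prefix
    // while AuthenticationContext received the raw IssuerAddress, which is rejected when
    // the configured value has no scheme.
    var authority = identitySettings.IssuerAddress.StartsWith("https://", StringComparison.OrdinalIgnoreCase)
        ? identitySettings.IssuerAddress
        : "https://" + identitySettings.IssuerAddress;

    var azureAdOptions = new AzureADAuthenticationOptions
    {
        ClientId = ClientId,
        ClientSecret = ClientSecret,
        AuthenticationMode = AuthenticationMode.Passive,
        Provider = new AzureADAuthenticationProvider
        {
            // NOTE(review): these claims are serialised into the ".sd.ec" cookie, so the bearer
            // access token and the long-lived refresh token travel to the browser on every
            // request, protected only by the cookie data-protector. Server-side storage keyed
            // by user (e.g. the token cache) would keep the refresh token off the wire.
            OnAuthenticated = context =>
            {
                context.Identity.AddClaim(new Claim("AccessToken", context.AccessToken));
                context.Identity.AddClaim(new Claim("RefreshToken", context.RefreshToken));
                return Task.FromResult(0);
            },
        },
        Resource = { identitySettings.Realm },
    };

    app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
    {
        AuthenticationMode = AuthenticationMode.Passive,
        SignInAsAuthenticationType = DefaultAuthenticationTypes.ExternalCookie,
        ClientId = ClientId,
        Authority = authority,
        //MetadataAddress = identitySettings.MetadataUrl.StartsWith("https://") ? identitySettings.MetadataUrl : "https://" + identitySettings.MetadataUrl ,
        Notifications = new OpenIdConnectAuthenticationNotifications
        {
            AuthorizationCodeReceived = context =>
            {
                // A request that is already authenticated keeps its identity; treat a missing
                // principal as unauthenticated instead of dereferencing it.
                var currentUser = context.OwinContext.Request.User;
                if (currentUser != null && currentUser.Identity != null && currentUser.Identity.IsAuthenticated)
                {
                    return Task.FromResult(0);
                }

                // Redeem the authorization code for an Azure AD Graph token.
                // NOTE(review): redirect_uri is rebuilt from the incoming request URL, i.e. from the
                // Host header. It must equal the reply URL used in the authorize request, so the site
                // binding has to be fixed rather than accepting arbitrary Host values — confirm.
                var credential = new ClientCredential(ClientId, ClientSecret);
                var authContext = new AuthenticationContext(authority, new NativeTokenCache());
                var redirectUri = new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path));
                // The AuthenticationResult is not consumed here; the token is presumably read back
                // from NativeTokenCache by later callers — verify against the cache implementation.
                authContext.AcquireTokenByAuthorizationCode(context.Code, redirectUri, credential, "https://graph.windows.net");

                var principal = new ClaimsPrincipal(context.AuthenticationTicket.Identity);
                Thread.CurrentPrincipal = principal;
                HttpContext.Current.User = principal;
                context.OwinContext.Authentication.SignIn((ClaimsIdentity)principal.Identity);
                return Task.FromResult(0);
            },
            RedirectToIdentityProvider = context =>
            {
                // A challenge may carry a per-request resource override in its property bag.
                var challenge = context.OwinContext.Authentication.AuthenticationResponseChallenge;
                string requestedResource;
                if (challenge != null && challenge.Properties.Dictionary.TryGetValue(ResourceKey, out requestedResource))
                {
                    context.ProtocolMessage.Resource = requestedResource;
                }
                return Task.FromResult(0);
            }
        }
    });

    app.UseAzureADAuthentication(azureAdOptions);
    new SetupContext(null).MakeOAuthAwareService();
    return app;
}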
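/// <summary>
/// Wires Azure AD sign-in for a Stardust service: a short-lived, secure-only external
/// cookie, passive OpenID Connect (authorization-code flow, with the code redeemed through
/// ADAL), and the AzureAD provider that copies the access/refresh tokens into the identity.
/// </summary>
/// <param name="app">OWIN application builder the middleware is registered on.</param>
/// <param name="handler">Currently unused; kept for signature compatibility.</param>
/// <param name="tokenEncryptionKey">Currently unused; kept for signature compatibility.
/// NOTE(review): despite the name, nothing here encrypts the tokens with this key — the
/// tokens written into the cookie rely solely on the cookie middleware's data protector.</param>
/// <returns>The same <paramref name="app"/> instance, for chaining.</returns>
public static IAppBuilder UseStardustAzureAd(this IAppBuilder app, Func<Microsoft.Owin.IOwinContext, Task> handler = null, string tokenEncryptionKey = null)
{
    app.SetDefaultSignInAsAuthenticationType(DefaultAuthenticationTypes.ExternalCookie);

    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        AuthenticationType = DefaultAuthenticationTypes.ExternalCookie,
        AuthenticationMode = AuthenticationMode.Active,
        CookieName = ".sd.ec",
        ExpireTimeSpan = TimeSpan.FromMinutes(5),
        CookieManager = new SystemWebCookieManager(),
        SlidingExpiration = true,
        // Never emitted over plain HTTP.
        CookieSecure = CookieSecureOption.Always,
        Provider = new CookieAuthenticationProvider
        {
            // Re-issues the incoming identity as-is: there is no security-stamp or
            // revocation check on this cookie, only the 5-minute sliding expiry above.
            OnValidateIdentity = context =>
            {
                context.ReplaceIdentity(context.Identity);
                return Task.FromResult(0);
            },
            OnResponseSignIn = context => { Logging.DebugMessage(context.AuthenticationType); }
        },
        LoginPath = PathString.FromUriComponent("/auth/login"),
        LogoutPath = PathString.FromUriComponent("/auth/logout"),
    });

    var identitySettings = RuntimeFactory.Current.Context.GetServiceConfiguration().IdentitySettings;

    // Normalise the issuer to an https:// URL once and use that same value both for the
    // OIDC middleware's Authority and for ADAL. Previously only Authority got the prefix
    // while AuthenticationContext received the raw IssuerAddress, which is rejected when
    // the configured value has no scheme.
    var authority = identitySettings.IssuerAddress.StartsWith("https://", StringComparison.OrdinalIgnoreCase)
        ? identitySettings.IssuerAddress
        : "https://" + identitySettings.IssuerAddress;

    var azureAdOptions = new AzureADAuthenticationOptions
    {
        ClientId = ClientId,
        ClientSecret = ClientSecret,
        AuthenticationMode = AuthenticationMode.Passive,
        Provider = new AzureADAuthenticationProvider
        {
            // NOTE(review): these claims are serialised into the ".sd.ec" cookie, so the bearer
            // access token and the long-lived refresh token travel to the browser on every
            // request, protected only by the cookie data-protector. Server-side storage keyed
            // by user (e.g. the token cache) would keep the refresh token off the wire.
            OnAuthenticated = context =>
            {
                context.Identity.AddClaim(new Claim("AccessToken", context.AccessToken));
                context.Identity.AddClaim(new Claim("RefreshToken", context.RefreshToken));
                return Task.FromResult(0);
            },
        },
        Resource = { identitySettings.Realm },
    };

    app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
    {
        AuthenticationMode = AuthenticationMode.Passive,
        SignInAsAuthenticationType = DefaultAuthenticationTypes.ExternalCookie,
        ClientId = ClientId,
        Authority = authority,
        //MetadataAddress = identitySettings.MetadataUrl.StartsWith("https://") ? identitySettings.MetadataUrl : "https://" + identitySettings.MetadataUrl ,
        Notifications = new OpenIdConnectAuthenticationNotifications
        {
            AuthorizationCodeReceived = context =>
            {
                // A request that is already authenticated keeps its identity; treat a missing
                // principal as unauthenticated instead of dereferencing it.
                var currentUser = context.OwinContext.Request.User;
                if (currentUser != null && currentUser.Identity != null && currentUser.Identity.IsAuthenticated)
                {
                    return Task.FromResult(0);
                }

                // Redeem the authorization code for an Azure AD Graph token.
                // NOTE(review): redirect_uri is rebuilt from the incoming request URL, i.e. from the
                // Host header. It must equal the reply URL used in the authorize request, so the site
                // binding has to be fixed rather than accepting arbitrary Host values — confirm.
                var credential = new ClientCredential(ClientId, ClientSecret);
                var authContext = new AuthenticationContext(authority, new NativeTokenCache());
                var redirectUri = new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path));
                // The AuthenticationResult is not consumed here; the token is presumably read back
                // from NativeTokenCache by later callers — verify against the cache implementation.
                authContext.AcquireTokenByAuthorizationCode(context.Code, redirectUri, credential, "https://graph.windows.net");

                var principal = new ClaimsPrincipal(context.AuthenticationTicket.Identity);
                Thread.CurrentPrincipal = principal;
                HttpContext.Current.User = principal;
                context.OwinContext.Authentication.SignIn((ClaimsIdentity)principal.Identity);
                return Task.FromResult(0);
            },
            RedirectToIdentityProvider = context =>
            {
                // A challenge may carry a per-request resource override in its property bag.
                var challenge = context.OwinContext.Authentication.AuthenticationResponseChallenge;
                string requestedResource;
                if (challenge != null && challenge.Properties.Dictionary.TryGetValue(ResourceKey, out requestedResource))
                {
                    context.ProtocolMessage.Resource = requestedResource;
                }
                return Task.FromResult(0);
            }
        }
    });

    app.UseAzureADAuthentication(azureAdOptions);
    new SetupContext(null).MakeOAuthAwareService();
    return app;
}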